Should I vary the length of my completely-random passwords for the best security?

Therefore, would my using a variety of lengths yield appreciably more security than using just one length?

No, the only thing it will accomplish is to make the shorter ones weaker.

For why hiding your password length doesn't matter, see this question (disclaimer, the accepted answer is mine):

How critical is it to keep your password length secret?


Thought experiment: how long a password is physically uncrackable? Well, the sun contains roughly 1.2×10^44 Joules of nuclear fuel. Let's assume we had a magic register of bits that required only 1 eV to flip a bit (1 electron volt = 1.602×10^-19 Joules). It turns out that with a register of 208 bits, counting from 0 to 2^208 would require you to consume the energy equivalent of the sun. So, assuming you're making passwords using the 95 printable ASCII characters, then consuming the sun would crack you a 208 bit ~= 32 character password.

How "magical" is this register? Well, according to Table 1 (p. 6) of this paper:

An Accurate Instruction-Level Energy Consumption Model for Embedded RISC Processors

one ARM assembly instruction (ADD, SUB, XOR, ...) consumes about 300 pJ ~= 3.0×10^-10 Joules ~= 1.8×10^9 eV per instruction on a low-power embedded device. Given this efficiency, consuming the sun would crack you a 28 character password.

If you're using randomly-generated passwords, then I don't see any reason that anybody should ever use more than 32 chars, but you can probably get away with a lot less against attackers who don't have a sun to spend cracking your password.
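The energy-budget argument in the answer above, worked through as an added example (not the answer's own code). It takes the figures the answer quotes (1.2×10^44 J for the sun, 1 eV per bit flip for the "magic" register, ~300 pJ per ARM instruction from the cited paper) and computes how many bits of keyspace a given energy budget can enumerate, then how many printable-ASCII characters carry that many bits. The constants are the answer's; the function names are mine.

```python
import math

# Figures quoted in the answer above (constructed constants for this example)
SUN_FUEL_JOULES = 1.2e44        # total nuclear fuel of the sun
EV_IN_JOULES = 1.602e-19        # one electron volt, the "magic register" cost per flip
ARM_ADD_JOULES = 300e-12        # ~300 pJ per instruction on a low-power ARM core
PRINTABLE_ASCII = 95            # alphabet size for a random printable-ASCII password


def affordable_bits(energy_budget_j, energy_per_op_j):
    """Largest n such that performing 2**n operations (counting a register
    from 0 to 2**n) still fits inside the energy budget."""
    return math.floor(math.log2(energy_budget_j / energy_per_op_j))


def chars_for_bits(bits, alphabet_size):
    """Smallest password length over `alphabet_size` symbols whose keyspace
    is at least 2**bits large (each char contributes log2(alphabet_size) bits)."""
    return math.ceil(bits / math.log2(alphabet_size))


def energy_to_enumerate(bits, energy_per_op_j):
    """Joules needed to enumerate a 2**bits keyspace at the given cost per op;
    useful for sanity-checking a bound from the other direction."""
    return (2 ** bits) * energy_per_op_j


def sun_limited_length(energy_per_op_j, alphabet_size=PRINTABLE_ASCII):
    """Password length (in characters) that exhausting the sun would just cover."""
    return chars_for_bits(affordable_bits(SUN_FUEL_JOULES, energy_per_op_j), alphabet_size)


if __name__ == "__main__":
    for label, cost in (("1 eV magic register", EV_IN_JOULES),
                        ("300 pJ ARM instruction", ARM_ADD_JOULES)):
        bits = affordable_bits(SUN_FUEL_JOULES, cost)
        print(f"{label}: {bits} bits -> {chars_for_bits(bits, PRINTABLE_ASCII)} printable-ASCII chars")
```

Running it reproduces the answer's two figures: about 208 bits (32 characters) for the 1 eV register and about 178 bits (28 characters) at real instruction energies. The bound is on enumerating the whole keyspace; an attacker expects to succeed after half of it, which costs one bit less and does not change the conclusion.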


I wouldn't bother with varying the length. 15 characters from a 95-character space is probably more than sufficient - and varying the length won't buy you as much as simply increasing the length.

Using even a simplified character set C (the alphanumeric character set) = 62 characters, H (hashing speed of the attacker) = 100 TH/s, and Y (the time that you want the password to resist brute force) = 100 years:

ceil( log_C( H × Y × 31556926 [sec/year] ) )

... the non-Moore’s-law-aware length that would fit that risk model is 14 characters.

Taking Moore's law into account, using the anrieff.net calculator, such a password would resist brute force for 16 years 2 months.

Increasing the character set to the printable ASCII space and using 20 characters, the Moore's-law-aware time jumps to 79 years (in case you want your password to outlive you). (Keep in mind that this is the time to fully exhaust the space. Since half such passwords would be guessed in half of that time, you'd need to size according to your threat model).
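The sizing formula from the answer above, as an added example (not the answer's own code): it evaluates ceil(log_C(H × Y × seconds/year)) for the answer's inputs and also inverts it to give the time to exhaust a keyspace at a fixed guess rate. The Moore's-law variant is my own simplified assumption (the guess rate doubling continuously every 18 months), not the model used by the anrieff.net calculator, so its output is close to but not identical to the 16-year and 79-year figures quoted.

```python
import math

SECONDS_PER_YEAR = 31556926


def length_for_horizon(alphabet_size, guesses_per_second, years):
    """ceil(log_C(H * Y * sec/year)): smallest length whose full keyspace
    takes at least `years` to exhaust at a fixed guess rate."""
    total_guesses = guesses_per_second * years * SECONDS_PER_YEAR
    return math.ceil(math.log(total_guesses, alphabet_size))


def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Years to try the entire keyspace at a constant guess rate (no Moore's law).
    Halve this for the expected time to the first hit."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


def years_to_exhaust_moore(alphabet_size, length, guesses_per_second, doubling_years=1.5):
    """Assumed model for this example: the attacker's rate doubles continuously
    every `doubling_years`. Guesses made by time t are then
    H * (T / ln 2) * (2**(t/T) - 1); this solves that for t."""
    keyspace = alphabet_size ** length
    guesses_per_year = guesses_per_second * SECONDS_PER_YEAR
    t_over_T = math.log2(1 + keyspace * math.log(2) / (guesses_per_year * doubling_years))
    return t_over_T * doubling_years


if __name__ == "__main__":
    H = 10**14          # 100 TH/s, as in the answer
    n = length_for_horizon(62, H, 100)
    print(f"alphanumeric, 100 years at {H:.0e}/s -> {n} chars")
    print(f"  fixed-rate exhaust: {years_to_exhaust(62, n, H):.0f} years,"
          f" with doubling rate: {years_to_exhaust_moore(62, n, H):.1f} years")
    print(f"printable ASCII, 20 chars: fixed-rate {years_to_exhaust(95, 20, H):.2e} years,"
          f" with doubling rate {years_to_exhaust_moore(95, 20, H):.0f} years")
```

The first line reproduces the answer's 14 characters. Note how the fixed-rate figure for those 14 characters (several thousand years) collapses to under two decades once the attacker's throughput is allowed to grow, which is why the answer sizes against a Moore's-law-aware calculator rather than the bare formula.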